CVE-2008-7283
published 2011-03-18CVE-2008-7283: Open Ticket Request System (OTRS) before 2.2.6, when customer group support is enabled, allows remote authenticated users to bypass intended access…
PriorityP425medium6CVSS 2.0
AVNACMAuSCPIPAP
EPSS
0.90%
55.1th percentile
Open Ticket Request System (OTRS) before 2.2.6, when customer group support is enabled, allows remote authenticated users to bypass intended access restrictions and perform web-interface updates to tickets by leveraging queue read permissions.
Affected
43 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | otrs2 | < otrs2 2.2.6-1 (bullseye) | otrs2 2.2.6-1 (bullseye) |
| otrs | otrs | <= 2.2.5 | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
CVSS provenance
nvdv2.06.0MEDIUMAV:N/AC:M/Au:S/C:P/I:P/A:P
osv6.0MEDIUM
vendor_debian6.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2008-7283: otrs2 - Open Ticket Request System (OTRS) before 2.2.6, when customer group support is e...
vendor_debian·2008·CVSS 6.0
CVE-2008-7283 [MEDIUM] CVE-2008-7283: otrs2 - Open Ticket Request System (OTRS) before 2.2.6, when customer group support is e...
Open Ticket Request System (OTRS) before 2.2.6, when customer group support is enabled, allows remote authenticated users to bypass intended access restrictions and perform web-interface updates to tickets by leveraging queue read permissions.
Scope: local
bullseye: resolved (fixed in 2.2.6-1)
GHSA
GHSA-vgm4-v633-q73c: Open Ticket Request System (OTRS) before 2
ghsa_unreviewed·2022-05-17
CVE-2008-7283 [MEDIUM] GHSA-vgm4-v633-q73c: Open Ticket Request System (OTRS) before 2
Open Ticket Request System (OTRS) before 2.2.6, when customer group support is enabled, allows remote authenticated users to bypass intended access restrictions and perform web-interface updates to tickets by leveraging queue read permissions.
OSV
CVE-2008-7283: Open Ticket Request System (OTRS) before 2
osv·2011-03-18·CVSS 6.0
CVE-2008-7283 [MEDIUM] CVE-2008-7283: Open Ticket Request System (OTRS) before 2
Open Ticket Request System (OTRS) before 2.2.6, when customer group support is enabled, allows remote authenticated users to bypass intended access restrictions and perform web-interface updates to tickets by leveraging queue read permissions.
No detection rules found.
No public exploits indexed.
2011-03-18
Published